Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
From: Larry Seltzer (larrylarryseltzer.com)
Date: Wed Mar 03 2004 - 10:58:31 CST
>>The problem is the antivirus installed in the perimeter, that does not detect those
samples. Exist some antivirus that detects the ZIP infected without knowing the
I'm sure more of these detect it by now. I suppose SOP for these scanners has been to
extract files from ZIPs and scan them, but they need a more complex procedure now. Is it
possible that portions of the encrypted ZIP are consistant enough regardless of the key
that they can identify it? If not, for this particular case they could hack at the ZIP
file and use the message body as a dictionary.
eWEEK.com Security Center Editor
Full-Disclosure - We believe in it.